专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08478797B2 Atomic deletion of database data categories 有权
标题翻译：原子删除数据库数据类别
公开(公告)号：US08478797B2
公开(公告)日：2013-07-02
申请号：US13485482
申请日：2012-05-31
申请人： Clifford E. Kahn , Roger A. Chickering
发明人： Clifford E. Kahn , Roger A. Chickering
IPC分类号： G06F17/30
CPC分类号： G06F17/30348
摘要： A device maintains, in a database, a plurality of data items, each data item of the plurality of data items being associated with a respective category. The device associates, in the database, a first counter value with each data item, the first counter value indicating a number of times the respective category has been deleted from the database at a time when the data item was stored in the database. The device associates, in the database or another database, a second counter value with the respective category, the second counter value indicating a current value for a number of times the respective category has been deleted from the database. The device selectively deletes, from the database, one or more data items of the plurality of data items from the database based on the first counter values and the second counter value.
摘要翻译：一种设备在数据库中维护多个数据项，所述多个数据项中的每个数据项与相应类别相关联。所述设备在数据库中与第一计数器值与每个数据项相关联，所述第一计数器值指示在数据项存储在数据库中时相应类别已从数据库中删除的次数。该设备在数据库或另一个数据库中将具有相应类别的第二计数器值相关联，第二计数器值指示相应类别已经从数据库中删除的次数的当前值。该设备基于第一计数器值和第二计数器值从数据库中选择性地从数据库中删除多个数据项中的一个或多个数据项。

2. 发明授权

US08290991B2 Atomic deletion of database data categories 有权
标题翻译：原子删除数据库数据类别
公开(公告)号：US08290991B2
公开(公告)日：2012-10-16
申请号：US12795426
申请日：2010-06-07
申请人： Clifford E. Kahn , Roger A. Chickering
发明人： Clifford E. Kahn , Roger A. Chickering
IPC分类号： G06F17/30
CPC分类号： G06F17/30997
摘要： A device may maintain, in a database, a plurality of data items, each data item of the plurality of data items being associated with a respective category and supplemental information relating to deletion of the data item. The device may associate a group of counters with at least one of the categories and receive a deletion request corresponding to one of the group of categories, the deletion request including the supplemental information. The device may identify a counter associated with the category corresponding to the deletion request based on the supplemental information. The device may then increment the identified counters and selectively delete the data items based on values of the counters.
摘要翻译：设备可以在数据库中维护多个数据项，多个数据项中的每个数据项与相应的类别相关联，以及与数据项的删除有关的补充信息。设备可以将一组计数器与至少一个类别相关联，并且接收与该组类别中的一个类别相对应的删除请求，该删除请求包括补充信息。该装置可以基于补充信息识别与该删除请求对应的类别相关联的计数器。然后，设备可以递增所识别的计数器，并且基于计数器的值选择性地删除数据项。

3. 发明授权

US08094812B1 Updating stored passwords 有权
标题翻译：更新存储的密码
公开(公告)号：US08094812B1
公开(公告)日：2012-01-10
申请号：US11864598
申请日：2007-09-28
申请人： Andy Tsang , Roger A. Chickering , Clifford E. Kahn , Jeffrey C. Venable, Sr.
发明人： Andy Tsang , Roger A. Chickering , Clifford E. Kahn , Jeffrey C. Venable, Sr.
IPC分类号： H04K1/00
CPC分类号： H04L63/083 , G06F17/30097 , H04L9/3226 , H04L9/3236 , H04L63/126 , H04L67/02 , H04L67/42
摘要： A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
摘要翻译：设备可以包括认证服务器和服务器。认证服务器可以根据认证协议从客户端设备接收第一形式的密码，并且基于第一形式与从存储在密码中的密码的第二形式导出的值的比较来认证客户端设备数据库，当第一个表单与从第二个表单导出的值不可比较时，比较失败。服务器可以建立与客户端的安全连接，通过安全连接从客户端设备接收明文密码，通过将从纯文本密码导出的值与从第二形式导出的值进行比较来认证客户端设备，并使用允许认证服务器在认证服务器接收到第一个表单时成功认证客户端设备的第三种形式的密码来更新密码数据库。

4. 发明授权

US09001999B2 Updating stored passwords 有权
标题翻译：更新存储的密码
公开(公告)号：US09001999B2
公开(公告)日：2015-04-07
申请号：US13312062
申请日：2011-12-06
申请人： Andy Tsang , Roger A. Chickering , Clifford E. Kahn , Jeffrey C. Venable, Sr.
发明人： Andy Tsang , Roger A. Chickering , Clifford E. Kahn , Jeffrey C. Venable, Sr.
IPC分类号： G06F21/00 , H04L9/28 , H04L29/06 , H04L9/32
CPC分类号： H04L63/083 , G06F17/30097 , H04L9/3226 , H04L9/3236 , H04L63/126 , H04L67/02 , H04L67/42
摘要： A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client in accordance with an authentication protocol, and authenticate the client based on a comparison of the first form to a value derived from a second form of the password stored in a password database. The comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client over the secure connection, authenticate the client by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client when the authentication server receives the first form.
摘要翻译：设备可以包括认证服务器和服务器。验证服务器可以根据认证协议从客户端接收第一形式的密码，并且基于第一形式与从密码数据库中存储的密码的第二形式导出的值的比较来认证客户端。当第一种形式与从第二种形式得出的值不相称时，比较失败。服务器可以建立到客户端的安全连接，通过安全连接从客户端接收明文密码，通过将从纯文本密码导出的值与从第二种形式导出的值进行比较来验证客户端，并更新密码数据库具有第三种形式的密码，允许认证服务器在认证服务器接收到第一个表单时成功验证客户端。

5. 发明授权

US08312540B1 System for slowing password attacks 有权
标题翻译：缓解密码攻击的系统
公开(公告)号：US08312540B1
公开(公告)日：2012-11-13
申请号：US12198674
申请日：2008-08-26
申请人： Clifford E. Kahn , Jeffrey C. Venable, Sr. , Roger A. Chickering
发明人： Clifford E. Kahn , Jeffrey C. Venable, Sr. , Roger A. Chickering
IPC分类号： G06F11/30 , G06F12/14 , G06F21/00 , G08B23/00 , H04L9/32
CPC分类号： G06F21/552 , H04L63/083 , H04L63/1425 , H04L63/1458
摘要： In general, the invention is directed toward techniques for controlling access to a network or other computing resource in order to slow down the execution of a password attack while providing minimal obstruction to normal network activity. The method includes generating a history of successful network logins, detecting symptoms of a network password attack, and activating countermeasures in response to the detection. The method further includes receiving a valid login request from the user while the countermeasures are activated and analyzing the history of successful network logins to determine whether the valid login request satisfies a match condition. The method further includes granting the user access to the network when the valid login request satisfies the match condition and denying the user access to the network when the valid login request does not satisfy the match condition even though the valid login request contains a valid username and a valid password.
摘要翻译：通常，本发明涉及用于控制对网络或其他计算资源的访问的技术，以便减少密码攻击的执行，同时为正常的网络活动提供最小的障碍。该方法包括生成网络登录成功的历史，检测网络密码攻击的症状，并响应检测激活对策。该方法还包括在激活对策时从用户接收有效的登录请求，并分析成功的网络登录历史，以确定有效的登录请求是否满足匹配条件。该方法还包括当有效登录请求满足匹配条件时允许用户访问网络，并且当有效登录请求不满足匹配条件时拒绝用户对网络的访问，即使有效登录请求包含有效的用户名，以及一个有效的密码。

6. 发明授权

US08214411B2 Atomic deletion of database data categories 有权
标题翻译：原子删除数据库数据类别
公开(公告)号：US08214411B2
公开(公告)日：2012-07-03
申请号：US12637930
申请日：2009-12-15
申请人： Clifford E. Kahn , Roger A. Chickering
发明人： Clifford E. Kahn , Roger A. Chickering
IPC分类号： G06F17/30
CPC分类号： G06F17/30348
摘要： A device maintains, in a database, a plurality of data items, each data item of the plurality of data items being associated with a respective category. The device associates, in the database, a first counter value with each data item, the first counter value indicating a number of times the respective category has been deleted from the database at a time when the data item was stored in the database. The device associates, in the database or another database, a second counter value with the respective category, the second counter value indicating a current value for a number of times the respective category has been deleted from the database. The device selectively deletes, from the database, one or more data items of the plurality of data items from the database based on the first counter values and the second counter value.
摘要翻译：一种设备在数据库中维护多个数据项，所述多个数据项中的每个数据项与相应类别相关联。所述设备在数据库中与第一计数器值与每个数据项相关联，所述第一计数器值指示在数据项存储在数据库中时相应类别已从数据库中删除的次数。该设备在数据库或另一个数据库中将具有相应类别的第二计数器值相关联，第二计数器值指示相应类别已经从数据库中删除的次数的当前值。该设备基于第一计数器值和第二计数器值从数据库中选择性地从数据库中删除多个数据项中的一个或多个数据项。

7. 发明授权

US08185642B1 Communication policy enforcement in a data network 有权
标题翻译：数据网络中的通信策略实施
公开(公告)号：US08185642B1
公开(公告)日：2012-05-22
申请号：US11281905
申请日：2005-11-18
申请人： Theron Tock , Roger A. Chickering
发明人： Theron Tock , Roger A. Chickering
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L63/0227 , H04L63/102 , H04L63/126
摘要： A device is configured to receive authorization information from a first network device and to receive a request that data units sent to a destination device contain authorization information, where the request is received from a second network device. The device is configured to assemble authorized data units by associating the authorization information with content intended for a destination device, where the content can be exchanged with the destination device during authorized communication. The device is configured to provide at least one of the authorized data units to the second network device so that the second network device can establish the authorized communication between the device and the destination device.
摘要翻译：设备被配置为从第一网络设备接收授权信息并且接收发送到目的地设备的数据单元包含授权信息的请求，其中从第二网络设备接收到请求。该设备被配置为通过将授权信息与旨在用于目的地设备的内容相关联来组装授权数据单元，其中可以在授权通信期间内容与目的地设备交换。该设备被配置为向第二网络设备提供至少一个授权数据单元，使得第二网络设备可以在设备和目的地设备之间建立授权的通信。

8. 发明申请

US20110153854A1 SESSION MIGRATION BETWEEN NETWORK POLICY SERVERS 审中-公开
标题翻译：网络政策服务器之间的会议迁移
公开(公告)号：US20110153854A1
公开(公告)日：2011-06-23
申请号：US12651081
申请日：2009-12-31
申请人： Roger A. Chickering
发明人： Roger A. Chickering
IPC分类号： G06F15/16
CPC分类号： H04L63/0815 , H04L63/20 , H04L67/146
摘要： A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.
摘要翻译：当客户端设备在由第二策略认证客户端设备时，由第二策略设备向先前授予客户机设备的策略设备提供会话标识符时，策略设备授权对客户端设备的访问，而不验证客户端设备设备。在一个示例中，策略设备包括从客户端设备接收会话标识符的网络接口，其中策略设备包括单独管理的自治策略服务器，以及授权模块，其授权客户端设备访问受策略保护的网络设备基于会话标识符，而不通过策略设备认证客户端设备。以这种方式，客户端设备不需要在短时间内多次提供认证信息，并且策略设备可以在会话迁移到第二策略设备时释放资源。

9. 发明授权

US08990891B1 Provisioning layer two network access for mobile devices 有权
标题翻译：配置层两个移动设备的网络接入
公开(公告)号：US08990891B1
公开(公告)日：2015-03-24
申请号：US13166376
申请日：2011-06-22
申请人： Roger A. Chickering , Jeffrey C. Venable, Sr.
发明人： Roger A. Chickering , Jeffrey C. Venable, Sr.
IPC分类号： H04L29/02 , G06F21/44
CPC分类号： H04L63/0876 , G06F21/74 , G06F21/85 , G06F2221/2105 , H04L63/0272 , H04L63/0884 , H04L63/0892 , H04L63/105 , H04L63/162 , H04L63/164 , H04W12/06
摘要： In general, techniques are described for provisioning layer two access in computer networks. A network device located in a public network comprising an interface and a control unit may implement the techniques. The interface establishes a session with a mobile device. The control unit requests security state data identifying a security state of the mobile device via the established session. The interface receives a mobile device identifier and the security state data from the mobile device via the session. The mobile device identifier identifies the mobile device. The control unit publishes the security state information to a database such that the security state information is associated with the mobile device identifier.
摘要翻译：一般来说，描述了在计算机网络中提供第二层访问的技术。位于包括接口和控制单元的公共网络中的网络设备可以实现这些技术。接口与移动设备建立会话。控制单元通过建立的会话请求识别移动设备的安全状态的安全状态数据。该接口经由会话从移动设备接收移动设备标识符和安全状态数据。移动设备标识符标识移动设备。控制单元将安全状态信息发布到数据库，使得安全状态信息与移动设备标识符相关联。

10. 发明授权

US08959569B2 Security enforcement in virtualized systems 有权
标题翻译：虚拟化系统中的安全执行
公开(公告)号：US08959569B2
公开(公告)日：2015-02-17
申请号：US13051471
申请日：2011-03-18
申请人： Krishna Narayanaswamy , Roger A. Chickering , Steve Malmskog
发明人： Krishna Narayanaswamy , Roger A. Chickering , Steve Malmskog
IPC分类号： G06F21/00 , G06F9/50 , G06F21/53 , G06F21/60 , H04L29/06 , G06F9/455
CPC分类号： H04L63/20 , G06F9/45558 , G06F9/5077 , G06F21/53 , G06F21/604 , G06F2009/45587 , G06F2221/2141 , G06F2221/2149 , H04L63/10 , H04L63/1416 , H04L63/1433
摘要： A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information.
摘要翻译：系统包括虚拟机（VM）服务器和策略引擎服务器。 VM服务器包括两个或多个客户机操作系统和代理。代理被配置为从两个或多个客户操作系统收集信息。策略引擎服务器被配置为：从代理接收信息; 基于所述信息生成所述两个或多个客户操作系统的第一客户操作系统的访问控制信息; 并根据访问控制信息配置执行者。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式